49 matches found
Directory Traversal
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Directory Traversal via the $include directive in configuration file resolution. An attacker can access arbitrary files outside the intended directory by specifying absolute or traversal...
GHSA-56PC-6HVP-4GV4 OpenClaw vulnerable to arbitrary file read via $include directive
Vulnerability Path traversal in config $include resolution allowed arbitrary local file reads outside the config directory boundary CWE-22. Attack Vectors 1. If an attacker can modify OpenClaw config, they can set $include to absolute paths for example /etc/passwd and read files accessible to the...
OpenClaw vulnerable to arbitrary file read via $include directive
Vulnerability Path traversal in config $include resolution allowed arbitrary local file reads outside the config directory boundary CWE-22. Attack Vectors 1. If an attacker can modify OpenClaw config, they can set $include to absolute paths for example /etc/passwd and read files accessible to the...
PT-2026-24671
Vulnerability Path traversal in config $include resolution allowed arbitrary local file reads outside the config directory boundary CWE-22. Attack Vectors 1. If an attacker can modify OpenClaw config, they can set $include to absolute paths for example /etc/passwd and read files accessible to the...
PT-2026-21097
Name of the Vulnerable Software and Affected Versions thembay Nika versions through 1.2.14 Description An issue exists in thembay Nika that allows for PHP Local File Inclusion due to improper control of filename for include/require statements. This is a PHP Remote File Inclusion issue...
openSUSE 15 Security Update : libxml2 (SUSE-SU-2026:0334-1)
The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2026:0334-1 advisory. - CVE-2026-0989: Fixed call stack exhaustion leading to application crash due to RelaxNG parser not limiting the recursion depth when resolving directives...
EUVD-2022-2384
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-1120
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Missing filtering in an error message in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 exposed sensitive...
CVE-2022-1120
Missing filtering in an error message in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 exposed sensitive information when an include directive fails in the CI/CD configuration...
CVE-2020-12827
MJML prior to 4.6.3 contains a path traversal vulnerability when processing the mj-include directive within an MJML document...
GHSA-4HCH-R9XF-6VFR MJML vulnerable to path traversal
MJML prior to 4.6.3 contains a path traversal vulnerability when processing the mj-include directive within an MJML document...
openssh security, bug fix, and enhancement update
8.0p1-13 - Upstream: ClientAliveCountMax=0 disable the connection killing behaviour 2015828 8.0p1-12 - Add support for 'Include' directive in sshdconfig file 1926103 8.0p1-11 - CVE-2021-41617 upstream fix 2008885...
CVE-2022-1120
Missing filtering in an error message in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 exposed sensitive information when an include directive fails in the CI/CD configuration...
UBUNTU-CVE-2022-1120
Missing filtering in an error message in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 exposed sensitive information when an include directive fails in the CI/CD configuration...
PT-2022-13670 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions prior to 14.7.7 GitLab CE/EE versions 14.8 prior to 14.8.5 GitLab CE/EE versions 14.9 prior to 14.9.2 Description: The issue concerns missing filtering in an error message, which exposes sensitive information when an...
GitLab Community Edition和GitLab Enterprise Edition 信息泄露漏洞
GitLab Enterprise Edition is a content management system.GitLab Community Edition is a community edition of GitLab by GitLab, Inc. An information disclosure vulnerability exists in GitLab Community Edition CE and Enterprise Edition EE due to a lack of filtering in error messages. When the include...
SUSE: Security Advisory (SUSE-SU-2018:2162-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Update : nasm (openSUSE-2020-954)
This update for nasm fixes the following issues : nasm was updated to version 2.14.02. This allows building of Mozilla Firefox 78ESR and also contains lots of bugfixes, security fixes and improvements. - Fix crash due to multiple errors or warnings during the code generation pass if a list file i...
CVE-2020-12827
MJML prior to 4.6.3 contains a path traversal vulnerability when processing the mj-include directive within an MJML document...
Path traversal
MJML prior to 4.6.3 contains a path traversal vulnerability when processing the mj-include directive within an MJML document...